(11) EP 0 448 262 A3
(12) EUROPEAN PATENT APPLICATION
(54) Prevention of determination of time of execution of predetermined data processing routine in relation to occurrence of prior observable external event
(57) Compromise of a predetermined secure data processing routine (14, 49) by a procedure known as a "clock attack" is prevented by a method that inhibits synchronization with externally generated instructions by preventing determination of the time of execution of the predetermined data processing routine in relation to occurrence of an observable external event that precedes the execution of the predetermined routine. The method includes the step of (a) randomly varying the duration between the occurrence of the observable external event and the execution of the predetermined routine. Step (a) includes the steps of (b) executing one or more interim data processing routines (20, 21, 22, 52) between the occurrence of the observable external event and the execution of the predetermined routine; and (c) randomly varying the duration of said interim routines. Steps (b) and (c) may include the step of (d) randomly assembling m said interim routines for said execution from a group (52) of n stored routines having different durations, wherein m and n are integers, with n being greater than m. Step (d) may include either the step of (e) randomly accessing said m interim routines from a secure memory (51); or the steps of (f) randomly accessing pointers (58) for said m interim routines from a secure memory (60); and (g) accessing said m interim routines from a memory (51) in response to said pointers. Step (c) includes the step of (h) randomly varying the duration of the interim routines in response to dynamically processed data that does not repetitively recur each time said interim routines are accessed. The method further includes the steps of (i) monitoring (26) said interim routines to detect whether said interim routines are being tampered with; and (j) preventing (38) the execution of said predetermined routine in response to detecting that said interim routines are being tampered with.
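
Steps (d), (f), (g), (i) and (j) of the abstract, sketched in C as an added example that is not code from the patent: m of n stored interim routines are selected through a randomly ordered pointer table, and the protected routine is inhibited if the monitor finds that a selected routine did not complete. All names, the constructed durations, the xorshift32 stand-in for the random source and the completion-mask monitor are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define N_STORED 6  /* n: interim routines held in the stored group */
#define M_PICKED 3  /* m: routines assembled per run, with n > m */
/* Constructed durations (busy-loop iterations) of the n stored routines. */
static const uint32_t duration[N_STORED] = {3, 7, 11, 19, 29, 41};
static volatile uint32_t sink;   /* stops the compiler removing the loops */
static uint32_t executed_mask;   /* monitor state: which routines completed */
int secure_routine_ran;          /* set only when the protected routine runs */

static uint32_t interim(size_t id) {
    for (uint32_t i = 0; i < duration[id]; i++) sink += i;
    executed_mask |= 1u << id;   /* report completion to the monitor */
    return duration[id];
}

/* Assumption: xorshift32 stands in for the device's random source so the
   example is reproducible; it is not suitable as the real generator. */
static uint32_t rng_state = 0x01234567u;
static uint32_t rng_next(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

static void secure_routine(void) { secure_routine_ran = 1; }

/* Runs m randomly chosen interim routines, then the protected routine.
   Returns the total interim delay, or -1 if the monitor saw tampering.
   skip_first != 0 simulates a fault that suppresses one interim routine. */
long run_protected(int skip_first) {
    size_t ptr[N_STORED];        /* pointer table, steps (f) and (g) */
    uint32_t expected = 0;
    long total = 0;
    for (size_t i = 0; i < N_STORED; i++) ptr[i] = i;
    executed_mask = 0;
    secure_routine_ran = 0;
    for (size_t i = 0; i < M_PICKED; i++) {  /* partial Fisher-Yates shuffle */
        size_t j = i + rng_next() % (N_STORED - i);
        size_t t = ptr[i]; ptr[i] = ptr[j]; ptr[j] = t;
        expected |= 1u << ptr[i];
        if (!(skip_first && i == 0)) total += (long)interim(ptr[i]);
    }
    if (executed_mask != expected) return -1;  /* steps (i), (j): inhibit */
    secure_routine();
    return total;
}
```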